Merge pull request Azure#13137 from CrashCringle12/CrashCringle12-abuseipdb-fixes

Fix Typos and Update Img Source in AbuseIPDB Playbook Solutions

Author: v-atulyadav

Solutions/AbuseIPDB/Data/Solution_AbuseIPDB.json

@@ -6,11 +6,11 @@
   "Playbooks": [
     "Solutions/AbuseIPDB/Playbooks/AbuseIPDBAPIConnector/azuredeploy.json",
     "Solutions/AbuseIPDB/Playbooks/AbuseIPDB-EnrichIncidentByIPInfo/azuredeploy.json",
-    "Solutions/AbuseIPDB/Playbooks/AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams/azuredeploy.json",
+    "Solutions/AbuseIPDB/Playbooks/AbuseIPDB-ReportIPsAfterUserResponseInMSTeams/azuredeploy.json",
     "Solutions/AbuseIPDB/Playbooks/AbuseIPDB-BlacklistIpToThreatIntelligence/azuredeploy.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false

Solutions/AbuseIPDB/Data/system_generated_metadata.json

@@ -30,6 +30,6 @@
     "Playbooks/AbuseIPDBAPIConnector/azuredeploy.json",
     "Playbooks/AbuseIPDB-BlacklistIpToThreatIntelligence/azuredeploy.json",
     "Playbooks/AbuseIPDB-EnrichIncidentByIPInfo/azuredeploy.json",
-    "Playbooks/AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams/azuredeploy.json"
+    "Playbooks/AbuseIPDB-ReportIPsAfterUserResponseInMSTeams/azuredeploy.json"
   ]
 }

Solutions/AbuseIPDB/Package/3.0.2.zip

@@ -33,7 +33,7 @@
     "email": "[email protected]",
     "_email": "[variables('email')]",
     "_solutionName": "AbuseIPDB",
-    "_solutionVersion": "3.0.1",
+    "_solutionVersion": "3.0.2",
     "solutionId": "azuresentinel.azure-sentinel-solution-abuseipdb",
     "_solutionId": "[variables('solutionId')]",
     "AbuseIPDBAPIConnector": "AbuseIPDBAPIConnector",
@@ -54,10 +54,10 @@
     "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]",
     "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]",
     "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]",
-    "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams": "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams",
-    "_AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams": "[variables('AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams')]",
+    "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams": "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams",
+    "_AbuseIPDB-ReportIPsAfterUserResponseInMSTeams": "[variables('AbuseIPDB-ReportIPsAfterUserResponseInMSTeams')]",
     "playbookVersion3": "1.0",
-    "playbookContentId3": "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams",
+    "playbookContentId3": "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams",
     "_playbookContentId3": "[variables('playbookContentId3')]",
     "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]",
     "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]",
@@ -82,7 +82,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "AbuseIPDBAPIConnector Playbook with template version 3.0.1",
+        "description": "AbuseIPDBAPIConnector Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -640,7 +640,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "AbuseIPDB-EnrichIncidentByIPInfo Playbook with template version 3.0.1",
+        "description": "AbuseIPDB-EnrichIncidentByIPInfo Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion2')]",
@@ -735,27 +735,27 @@
                           "inputs": {
                             "name": "Result List",
                             "value": {
-                              "abuseConfidenceScore": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['abuseConfidenceScore']",
-                              "hostnames": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['hostnames']",
-                              "ipAddress": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['ipAddress']",
-                              "ipVersion": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['ipVersion']",
-                              "isPublic": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['isPublic']",
-                              "isWhitelisted": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['isWhitelisted']",
-                              "isp": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['isp']",
-                              "lastReportedAt": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['lastReportedAt']",
-                              "numDistinctUsers": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['numDistinctUsers']",
-                              "totalReports": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['totalReports']",
-                              "usageType": "@body('AuseIPDB_CHECK_Endpoint')?['data']?['usageType']"
+                              "abuseConfidenceScore": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['abuseConfidenceScore']",
+                              "hostnames": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['hostnames']",
+                              "ipAddress": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['ipAddress']",
+                              "ipVersion": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['ipVersion']",
+                              "isPublic": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isPublic']",
+                              "isWhitelisted": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isWhitelisted']",
+                              "isp": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isp']",
+                              "lastReportedAt": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['lastReportedAt']",
+                              "numDistinctUsers": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['numDistinctUsers']",
+                              "totalReports": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['totalReports']",
+                              "usageType": "@body('AbuseIPDB_CHECK_Endpoint')?['data']?['usageType']"
                             }
                           },
                           "runAfter": {
-                            "AuseIPDB_CHECK_Endpoint": [
+                            "AbuseIPDB_CHECK_Endpoint": [
                               "Succeeded"
                             ]
                           },
                           "type": "AppendToArrayVariable"
                         },
-                        "AuseIPDB_CHECK_Endpoint": {
+                        "AbuseIPDB_CHECK_Endpoint": {
                           "inputs": {
                             "host": {
                               "connection": {
@@ -814,7 +814,7 @@
                       "type": "ApiConnection"
                     },
                     "Get_Logo": {
-                      "inputs": "<img src=\"https://www.abuseipdb.com/img/abuseipdb.png.pagespeed.ce.CI8T6WsXU7.png\"  width=\"152\" height=\"32\"> ",
+                      "inputs": "<img src=\"https://www.abuseipdb.com/img/abuseipdb.png\"  width=\"152\" height=\"32\"> ",
                       "runAfter": {
                         "Entities_-_Get_IPs": [
                           "Succeeded"
@@ -974,14 +974,14 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams Playbook with template version 3.0.1",
+        "description": "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion3')]",
           "parameters": {
             "PlaybookName": {
-              "defaultValue": "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams",
-              "type": "String"
+              "defaultValue": "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams",
+              "type": "string"
             },
             "customApis_AbuseIPDBAPI_name": {
               "defaultValue": "AbuseIPDBAPI",
@@ -992,16 +992,16 @@
             },
             "MSTeamsGroupId": {
               "defaultValue": "<MSTeamsGroupId>",
-              "type": "String",
+              "type": "string",
               "metadata": {
-                "description": "Value of the MSTeamsGroupId parameter in the AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams playbook. Id of the Teams Group where the adaptive card will be posted."
+                "description": "Value of the MSTeamsGroupId parameter in the AbuseIPDB-ReportIPsAfterUserResponseInMSTeams playbook. Id of the Teams Group where the adaptive card will be posted."
               }
             },
             "MSTeamsChannelId": {
               "defaultValue": "<MSTeamsChannelId>",
-              "type": "String",
+              "type": "string",
               "metadata": {
-                "description": "Value of the MSTeamsChannelId parameter in the AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams playbook. Id of the Teams Channel where the adaptive card will be posted."
+                "description": "Value of the MSTeamsChannelId parameter in the AbuseIPDB-ReportIPsAfterUserResponseInMSTeams playbook. Id of the Teams Channel where the adaptive card will be posted."
               }
             }
           },
@@ -1340,7 +1340,7 @@
                       "type": "Foreach"
                     },
                     "Get_Logo": {
-                      "inputs": "<img src=\"https://www.abuseipdb.com/img/abuseipdb.png.pagespeed.ce.CI8T6WsXU7.png\"  width=\"152\" height=\"32\"> ",
+                      "inputs": "<img src=\"https://www.abuseipdb.com/img/abuseipdb.png\"  width=\"152\" height=\"32\"> ",
                       "runAfter": {
                         "Entities_-_Get_IPs": [
                           "Succeeded"
@@ -1469,7 +1469,7 @@
             }
           ],
           "metadata": {
-            "title": " AbuseIPDB Report a IPs To AbuselPDB After Checking By User In MSTeams",
+            "title": "AbuseIPDB Report IPs To AbuseIPDB After User Response In MSTeams",
             "description": "When a new sentinel incident is created, this playbook gets triggered and performs the following actions:\n 1. Sends an adaptive card to the Teams channel where the analyst can choose an action to be taken.",
             "prerequisites": [
               "1. Prior to the deployment of this playbook, AbuseIPDB Connector needs to be deployed under the same subscription.",
@@ -1495,7 +1495,7 @@
             "releaseNotes": [
               {
                 "version": "1.0.0",
-                "title": "AbuseIPDB Report a IPs To AbuselPDB After Checking By User In MSTeams",
+                "title": "AbuseIPDB Report IPs To AbuseIPDB After User Response In MSTeams",
                 "notes": [
                   "Initial version"
                 ]
@@ -1510,7 +1510,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('_playbookContentId3')]",
         "contentKind": "Playbook",
-        "displayName": "AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams",
+        "displayName": "AbuseIPDB-ReportIPsAfterUserResponseInMSTeams",
         "contentProductId": "[variables('_playbookcontentProductId3')]",
         "id": "[variables('_playbookcontentProductId3')]",
         "version": "[variables('playbookVersion3')]"
@@ -1525,7 +1525,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "AbuseIPDB-BlacklistIpToThreatIntelligence Playbook with template version 3.0.1",
+        "description": "AbuseIPDB-BlacklistIpToThreatIntelligence Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion4')]",
@@ -1830,8 +1830,7 @@
             "prerequisites": [
               "1. AbuseIPDBAPI Custom Connector has to be deployed prior to the deployment of this playbook under the same subscription.",
               "2. To use the Microsoft Graph Security connector actions, Microsoft Entra ID tenant administrator consent needs to be provided. The Microsoft Graph Security connector application ID and name for Microsoft Entra ID follows for Microsoft Entra ID administrator consent:\n- Application Name - MicrosoftGraphSecurityConnector\n- Application ID - c4829704-0edc-4c3d-a347-7c4a67586f3c",
-              
-			  "3. To view the Threat Indicators submitted by Microsoft Graph Security connector, 'Threat Intelligence Platforms' connector from 'Threat Intelligence' Solution need to be install."
+              "3. To view the Threat Indicators submitted by Microsoft Graph Security connector, 'Threat Intelligence Platforms' connector from 'Threat Intelligence' Solution need to be install."
             ],
             "preDeployment": [
               "1. AbuseIPDB Custom Connector has to be deployed prior to the deployment of this playbook under the same subscription."
@@ -1881,7 +1880,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.1",
+        "version": "3.0.2",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "AbuseIPDB",
@@ -1923,7 +1922,7 @@
             },
             {
               "kind": "Playbook",
-              "contentId": "[variables('_AbuseIPDB-ReportaIPsToAbuselPDBAfterCheckingByUserInMSTeams')]",
+              "contentId": "[variables('_AbuseIPDB-ReportIPsAfterUserResponseInMSTeams')]",
               "version": "[variables('playbookVersion3')]"
             },
             {

Solutions/AbuseIPDB/Package/mainTemplate.json

@@ -130,27 +130,27 @@
                            "inputs":{
                               "name":"Result List",
                               "value":{
-                                 "abuseConfidenceScore":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['abuseConfidenceScore']",
-                                 "hostnames":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['hostnames']",
-                                 "ipAddress":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['ipAddress']",
-                                 "ipVersion":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['ipVersion']",
-                                 "isPublic":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['isPublic']",
-                                 "isWhitelisted":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['isWhitelisted']",
-                                 "isp":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['isp']",
-                                 "lastReportedAt":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['lastReportedAt']",
-                                 "numDistinctUsers":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['numDistinctUsers']",
-                                 "totalReports":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['totalReports']",
-                                 "usageType":"@body('AuseIPDB_CHECK_Endpoint')?['data']?['usageType']"
+                                 "abuseConfidenceScore":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['abuseConfidenceScore']",
+                                 "hostnames":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['hostnames']",
+                                 "ipAddress":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['ipAddress']",
+                                 "ipVersion":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['ipVersion']",
+                                 "isPublic":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isPublic']",
+                                 "isWhitelisted":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isWhitelisted']",
+                                 "isp":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['isp']",
+                                 "lastReportedAt":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['lastReportedAt']",
+                                 "numDistinctUsers":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['numDistinctUsers']",
+                                 "totalReports":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['totalReports']",
+                                 "usageType":"@body('AbuseIPDB_CHECK_Endpoint')?['data']?['usageType']"
                               }
                            },
                            "runAfter":{
-                              "AuseIPDB_CHECK_Endpoint":[
+                              "AbuseIPDB_CHECK_Endpoint":[
                                  "Succeeded"
                               ]
                            },
                            "type":"AppendToArrayVariable"
                         },
-                        "AuseIPDB_CHECK_Endpoint":{
+                        "AbuseIPDB_CHECK_Endpoint":{
                            "inputs":{
                               "host":{
                                  "connection":{
@@ -215,7 +215,7 @@
                      "type":"ApiConnection"
                   },
                   "Get_Logo":{
-                     "inputs":"<img src=\"https://www.abuseipdb.com/img/abuseipdb.png.pagespeed.ce.CI8T6WsXU7.png\"  width=\"152\" height=\"32\"> ",
+                     "inputs":"<img src=\"https://www.abuseipdb.com/img/abuseipdb.png\"  width=\"152\" height=\"32\"> ",
                      "runAfter":{
                         "Entities_-_Get_IPs":[
                            "Succeeded"
@@ -288,4 +288,4 @@
          }
       }
    ]
-}
+}